Legal claims defining the scope of protection, as filed with the USPTO.
1. A method comprising: receiving, by a gateway enforcement point, through a communication network from a client device used by a user, a first request to access a protected resource; responsive to receipt of the first request, authenticating, by the gateway enforcement point, the client device to establish a first authenticated communication session between the gateway enforcement point and the client device, with authenticating the client device including receiving, by the gateway enforcement point, authentication data relating to the user; further responsive to receipt of the first request to access the protected resource, sending, by the gateway enforcement point to a first cloud fraud detection system, a second request for fraud information relating to the user, with the second request including: (i) the authentication data, and (ii) a session identifier identifying the first authenticated communication session; receiving, by the gateway enforcement point from the first cloud fraud detection system, a first fraud data set indicative of fraud related information relating to the user; caching, in the gateway enforcement point as part of the first authenticated communication session, the first fraud data set; further responsive to receipt of the first request to access the protected resource, sending, by the gateway enforcement point to a second cloud fraud detection system, a third request for fraud information relating to the user, with the third request including: (i) the authentication data, and (ii) the session identifier; receiving, by the gateway enforcement point from the second cloud fraud detection system, a second fraud data set indicative of fraud related information relating to the user; caching, in the gateway enforcement point as part of the first authenticated communication session, the second fraud data set; and controlling, by the gateway enforcement point, access to the protected resource by the client device in a manner based upon both of the following: (i) the fraud related information of the first fraud data set, and (ii) the fraud related information of the second fraud data set.
2. The method of claim 1 wherein controlling access includes denying, by the gateway enforcement point, access to the client device of the protected resource based on at least one of the following: (i) the fraud related information of the first fraud data set, and (ii) the fraud related information of the second fraud data set.
3. The method of claim 1 wherein controlling access includes propagating, by the gateway enforcement point to a resource server hosting the protected resource: (i) the fraud related information of the first fraud data set, and (ii) the fraud related information of the second fraud data set.
4. A computer program product comprising: a machine readable storage device; and computer code stored on the machine readable storage device, with the computer code including instructions for causing a processor(s) set to perform operations including the following: receiving, by a gateway enforcement point, through a communication network from a client device used by a user, a first request to access a protected resource, responsive to receipt of the first request, authenticating, by the gateway enforcement point, the client device to establish a first authenticated communication session between the gateway enforcement point and the client device, with authenticating the client device including receiving, by the gateway enforcement point, authentication data relating to the user, further responsive to receipt of the first request to access the protected resource, sending, by the gateway enforcement point to a first cloud fraud detection system, a second request for fraud information relating to the user, with the second request including: (i) the authentication data, and (ii) a session identifier identifying the first authenticated communication session, receiving, by the gateway enforcement point from the first cloud fraud detection system, a first fraud data set indicative of fraud related information relating to the user, caching, in the gateway enforcement point as part of the first authenticated communication session, the first fraud data set, further responsive to receipt of the first request to access the protected resource, sending, by the gateway enforcement point to a second cloud fraud detection system, a third request for fraud information relating to the user, with the third request including: (i) the authentication data, and (ii) the session identifier, receiving, by the gateway enforcement point from the second cloud fraud detection system, a second fraud data set indicative of fraud related information relating to the user, caching, in the gateway enforcement point as part of the first authenticated communication session, the second fraud data set, and controlling, by the gateway enforcement point, access to the protected resource by the client device in a manner based upon both of the following: (i) the fraud related information of the first fraud data set, and (ii) the fraud related information of the second fraud data set.
5. The computer program product of claim 4 wherein controlling access includes denying, by the gateway enforcement point, access to the client device of the protected resource based on at least one of the following: (i) the fraud related information of the first fraud data set, and (ii) the fraud related information of the second fraud data set.
6. The computer program product of claim 4 wherein controlling access includes propagating, by the gateway enforcement point to a resource server hosting the protected resource: (i) the fraud related information of the first fraud data, and (ii) the fraud related information of the second fraud data set.
7. A computer system comprising: a processor(s) set; a machine readable storage device; and computer code stored on the machine readable storage device, with the computer code including instructions for causing the processor(s) set to perform operations including the following: receiving, by a gateway enforcement point, through a communication network from a client device used by a user, a first request to access a protected resource, responsive to receipt of the first request, authenticating, by the gateway enforcement point, the client device to establish a first authenticated communication session between the gateway enforcement point and the client device, with the authenticating the client device including receiving, by the gateway enforcement point, authentication data relating to the user, further responsive to receipt of the first request to access the protected resource, sending, by the gateway enforcement point to a first cloud fraud detection system, a second request for fraud information relating to the user, with the second request including: (i) the authentication data, and (ii) a session identifier identifying the first authenticated communication session, receiving, by the gateway enforcement point from the first cloud fraud detection system, a first fraud data set indicative of fraud related information relating to the user, caching, in the gateway enforcement point as part of the first authenticated communication session, the first fraud data set, further responsive to receipt of the first request to access the protected resource, sending, by the gateway enforcement point to a second cloud fraud detection system, a third request for fraud information relating to the user, with the third request including: (i) the authentication data, and (ii) the session identifier, receiving, by the gateway enforcement point from the second cloud fraud detection system, a second fraud data set indicative of fraud related information relating to the user, caching, in the gateway enforcement point as part of the first authenticated communication session, the second fraud data set, and controlling, by the gateway enforcement point, access to the protected resource by the client device in a manner based upon both of the following: (i) the fraud related information of the first fraud data set, and (ii) the fraud related information of the second fraud data set.
8. The computer system of claim 7 wherein controlling access includes denying, by the gateway enforcement point, access to the client device of the protected resource based on at least one of the following: (i) the fraud related information of the first fraud data set, and (ii) the fraud related information of the second fraud data set.
9. The computer system of claim 7 wherein controlling access includes propagating, by the gateway enforcement point and to a resource server hosting the protected resource: (i) the fraud related information of the first fraud data set, and (ii) the fraud related information of the second fraud data set.
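The flow recited in claims 1 to 3 (authenticate, query two fraud detection systems with the authentication data and session identifier, cache each result in the session, then deny or propagate), sketched as an added illustration that is not code from the patent or its assignee. The `risk` score field, the deny threshold, the fail-closed handling, the `X-Fraud-*` header names and the two stub providers are assumptions made for the example.

```python
import json
import secrets
from dataclasses import dataclass, field

@dataclass
class Session:
    session_id: str
    auth_data: dict
    fraud_cache: dict = field(default_factory=dict)  # provider name -> fraud data set

class GatewayEnforcementPoint:
    """Illustrative gateway; providers are callables (auth_data, session_id) -> dict."""

    def __init__(self, providers, deny_threshold=0.8):
        self.providers = providers            # e.g. {"first": fn, "second": fn}
        self.deny_threshold = deny_threshold  # assumed policy knob, not from the claims

    def authenticate(self, auth_data):
        # Credential verification is out of scope here; assume it succeeded.
        return Session(secrets.token_hex(16), dict(auth_data))

    def _fraud_data(self, session):
        for name, provider in self.providers.items():
            if name not in session.fraud_cache:  # query each system once per session
                session.fraud_cache[name] = provider(session.auth_data, session.session_id)
        return session.fraud_cache

    def handle(self, session, resource):
        try:
            data = self._fraud_data(session)
        except Exception:
            # Assumed policy: fail closed if a fraud system cannot be reached.
            return {"status": 403, "reason": "fraud check unavailable"}
        flagged = sorted(n for n, d in data.items() if d["risk"] >= self.deny_threshold)
        if flagged:  # claims 2/5/8: deny based on at least one data set
            return {"status": 403, "reason": "flagged by " + ", ".join(flagged)}
        # claims 3/6/9: propagate both data sets to the resource server
        headers = {f"X-Fraud-{n}": json.dumps(d, sort_keys=True) for n, d in data.items()}
        return {"status": 200, "resource": resource, "forward_headers": headers}

# Constructed stand-ins for the two cloud fraud detection systems.
def device_reputation(auth_data, session_id):
    return {"risk": 0.9 if auth_data.get("device") == "emulator" else 0.1}

def takeover_score(auth_data, session_id):
    return {"risk": 0.2}

def demo():
    gw = GatewayEnforcementPoint({"first": device_reputation, "second": takeover_score})
    ok = gw.handle(gw.authenticate({"user": "alice", "device": "laptop"}), "/statements")
    bad = gw.handle(gw.authenticate({"user": "alice", "device": "emulator"}), "/statements")
    return ok["status"], bad["status"]
```

Because the fraud data sets are cached per session, a second request on the same session reaches neither provider; a provider that failed is not cached and is retried on the next request.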
August 28, 2018